The Rules That Could've Prevented The Knight Trading Disaster Exist — The SEC Just Never Made Them Mandatory

The SEC is
considering writing regulations that would require trading firms
and other market participants to disclose issues with their
trading programs and test them before they are used on the open
market,
the FT reports.

Naturally, this could've prevented last week's Wall Street
disaster du jour at Knight Capital. The market maker's trading
glitch was caused by badly written code in a computer program
that hadn't actually been used yet.

Now we wonder – had it even been tested? We called the SEC
last week and asked if such rules were in place and the regulator
basically had no comment. Now we know that they were not.

To be fair, in 1989 the SEC released a set of voluntary
guidelines known as the Automation
Review Policies that were supposed to prevent computer issues
after the 1987 crash.

They sound something like this:

On November 16, 1989, the Securities and Exchange Commission...
published its first Automation Review Policy
(ARP)... in which it stated its view that the
self-regulatory organizations ("SROs"), on a voluntary basis,
should establish comprehensive planning and assessment programs
to determine systems capacity and vulnerability. At that
time, the Commission noted the impact that systems problems and
failures could have on public investors, broker-dealer risk
exposure and market efficiency, and as a result, urged that the
SROs take appropriate measures to ensure that, initially, their
automated trading systems "have the capacity to
accommodate current and reasonably anticipated future trading
volume levels adequately and to respond to localized emergency
conditions."

According to the FT, last Wednesday SEC Chair Mary
Schapiro asked her team to speed up rule writing that could
prevent another Knight Capital trading disaster. They're also
considering additional rules for those who supervise technology
systems and security for computer systems.

Even if they started that now, though, the rules would still have
to be considered by a 5 member board and then there would be a
period for public commenting.

And this isn't the first time the SEC has considered making ARP
rules mandatory. The Government Accountability Office suggested
that very thing to the SEC in 2004 but nothing was done. In 2010
some rules to prevent faulty trades were enacted — and the SEC is
looking into whether or not Knight violated those — but even
those rules aren't as rigorous ARP rules would be.

“With risks including algorithm-generated volume surges and
malevolent hackers still very much with us, I believe the SEC
should consider making ARP compliance mandatory...

As the SEC catches up with the realities of today’s market, it
seems an appropriate moment to require that every entity in an
interconnected system work to ensure its capacity, resiliency,
and security.”